ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 7

List of questions

Question 61

Report
Export
Collapse

Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers

Salesforce license for sales users and Identity license for Marketing users
Salesforce license for sales users and Identity license for Marketing users
Salesforce license for sales users and External Identity license for Marketing users
Salesforce license for sales users and External Identity license for Marketing users
Identity license for sales users and Identity connect license for Marketing users
Identity license for sales users and Identity connect license for Marketing users
Salesforce license for sales users and platform license for Marketing users.
Salesforce license for sales users and platform license for Marketing users.
Suggested answer: A, D
asked 23/09/2024
Muhammad Imran
41 questions

Question 62

Report
Export
Collapse

Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

Access Tokens
Access Tokens
Mobile pins
Mobile pins
Refresh Tokens
Refresh Tokens
Scopes
Scopes
Suggested answer: D
asked 23/09/2024
RYAN UBANA
39 questions

Question 63

Report
Export
Collapse

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

Refresh token
Refresh token
API
API
full
full
Web
Web
Suggested answer: A, B
asked 23/09/2024
josh hill
37 questions

Question 64

Report
Export
Collapse

universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?

Use a custom attribute on the user object to control access to the mobile app
Use a custom attribute on the user object to control access to the mobile app
Use connected apps Oauth policies to restrict mobile app access to authorized users.
Use connected apps Oauth policies to restrict mobile app access to authorized users.
Use the permission set license to assign the mobile app permission to sales users
Use the permission set license to assign the mobile app permission to sales users
Add a new identity provider to authenticate and authorize mobile users.
Add a new identity provider to authenticate and authorize mobile users.
Suggested answer: B
asked 23/09/2024
Andres Romo
44 questions

Question 65

Report
Export
Collapse

Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
Enable the "Enforce Ip restrictions" settings in the connected App.
Enable the "Enforce Ip restrictions" settings in the connected App.
Enable the "All users may self-authorize" setting in the Connected App.
Enable the "All users may self-authorize" setting in the Connected App.
Enable the "High Assurance session required" setting in the Connected App.
Enable the "High Assurance session required" setting in the Connected App.
Suggested answer: A, C
asked 23/09/2024
Asif Ibrahim
47 questions

Question 66

Report
Export
Collapse

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
Suggested answer: C
asked 23/09/2024
Arslan Sheik
37 questions

Question 67

Report
Export
Collapse

Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

SP-Initiated with Deep Linking
SP-Initiated with Deep Linking
SP-Initiated
SP-Initiated
IdP-Initiated
IdP-Initiated
User-Agent
User-Agent
Suggested answer: C
asked 23/09/2024
Arun Pandian
40 questions

Question 68

Report
Export
Collapse

Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate.

UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal.

When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

Web Application flow
Web Application flow
SAML Bearer Assertion flow
SAML Bearer Assertion flow
User-Agent flow
User-Agent flow
Web Server flow
Web Server flow
Suggested answer: D
asked 23/09/2024
SULIMAN ALGHURAIR
35 questions

Question 69

Report
Export
Collapse

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get esignatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

Id
Id
Web
Web
Api
Api
Custom_permissions
Custom_permissions
Suggested answer: D
asked 23/09/2024
Russell Bartsch
39 questions

Question 70

Report
Export
Collapse

IT security at Unversal Containers (UC) us concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

Use the Salesforce Authenticator mobile app with two-step verification
Use the Salesforce Authenticator mobile app with two-step verification
Lock sessions to the IP address from which they originated.
Lock sessions to the IP address from which they originated.
Increase Password complexity requirements in Salesforce.
Increase Password complexity requirements in Salesforce.
Implement Single Sign-on using a corporate Identity store.
Implement Single Sign-on using a corporate Identity store.
Suggested answer: A
asked 23/09/2024
Samuel Afonso de la Hoz
34 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?